127117 – Update OpenSSL in the stable branch to version 0.9.8zh

Issue 127117 - Update OpenSSL in the stable branch to version 0.9.8zh

Summary: Update OpenSSL in the stable branch to version 0.9.8zh

Status:	CLOSED FIXED

Alias:	None

Product:	General
Classification:	Code
Component:	code (show other issues)
Version:	4.1.2
Hardware:	All All

Importance:	P5 (lowest) Normal (vote)
Target Milestone:	4.1.6
Assignee:	AOO issues mailing list
QA Contact:

URL:
Keywords:

Depends on:
Blocks:

Reported:	2016-09-15 21:58 UTC by Pedro Giffuni
Modified:	2022-10-28 12:54 UTC (History)
CC List:	3 users (show)

See Also:
Issue Type:	PATCH
Latest Confirmation in:	4.1.5
Developer Difficulty:	---

Flags:	pats: 4.1.3_release_blocker- arielch: 4.1.4_release_blocker- petko: 4.1.6_release_blocker+

Attachments
Minor update patch (8.52 KB, patch) 2016-09-16 18:29 UTC, Pedro Giffuni	no flags	Details \| Diff
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this issue.

Description Pedro Giffuni 2016-09-15 21:58:22 UTC

AOO 4.1.2 included a very old version of OpenSSL which has known vulenrabilities. For a minor release it is inconvenient to bring the newer major release but we should at least bring version 0.9.8zh.

For this we would need to merge r1722228, r1722238, and r1722239 to the release branch.

Comment 1 orcmid 2016-09-15 23:01:11 UTC

Taken by the Security Team

Comment 2 orcmid 2016-09-15 23:02:09 UTC

Taken by security team

Comment 3 orcmid 2016-09-16 16:33:18 UTC

Restored as a non-security matter.  The assignment to security was mistaken.

Comment 4 Pedro Giffuni 2016-09-16 18:29:13 UTC

Created attachment 85675 [details]
Minor update patch

This would be the change in patch form.
While here: the URL for old versions has changed in the OpenSSL site so set a new one that works.

Comment 5 Ariel Constenla-Haile 2017-02-01 17:01:48 UTC

Not suitable for 4.1.4

Comment 6 Matthias Seidel 2018-09-13 20:33:41 UTC

Committed to branch AOO 4.1.6 with:

 - r1839347
 - r1839357
 - r1839422

Comment 7 Peter 2018-09-16 09:21:03 UTC

Accepted for 4.1.6

Comment 8 Matthias Seidel 2018-09-16 18:22:04 UTC

Already fixed, but I can't set Target Milestone to 4.1.6.

Comment 9 Marcus 2018-09-16 18:52:11 UTC

Target 4.1.6 is now available